[Samba] load password users in Ldap

2003-05-30 Thread Jose Antonio Gómez Muñoz
Hello,

I'm new to Samba LDAP. I use samba-2.2.3a and openldap2-2.1.4-46.
I am going to load a lot of users into LDAP from an LDIF file, as shown below. But I 
don't know how to set the Samba password. I can use:

smbpasswd juan1

and then the fields lmPassword and ntPassword are changed. In this way, after loading all 
users into LDAP I would need a script to run smbpasswd for each user automatically, 
without prompting me for each one. How can I avoid being prompted?

I think it is better to put the real password in lmPassword and ntPassword but it 
doesn't work. Which is the easiest method to set the Samba password during the load 
process?

ldif file
==

dn: uid=juan1, ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es
cn: juan1
objectClass: sambaAccount
objectClass: posixAccount
uid: juan1
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
userPassword: hola
lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069
ntPassword: 5B8AB8B8AB85B8A5B8AB8B8AB82BE319
acctFlags: [UX ]
uidNumber: 1020
gidNumber: 1001
loginShell: /bin/bash
rid: 3040
primaryGroupID: 513
homeDirectory: /dev/null




/etc/samba/smb.conf

ldap server = localhost
ldap port = 389 
ldap suffix = ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es
ldap admin dn = cn=Manager, dc=Colegio Oficial de Arquitectos de Madrid, dc=es


Thanks very much.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] load password users in Ldap

2003-05-30 Thread Buchan Milne

 --

 Message: 13
 Date: Fri, 30 May 2003 12:06:28 +0200
 From: Jose Antonio Gómez Muñoz [EMAIL PROTECTED]
 Subject: [Samba] load password users in Ldap
 To: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 Hello,

 I'm new in Samba Ldap. I use samba-2.2.3a and openldap2-2.1.4-46.

Please use a newer version of Samba. Firstly, 2.2.3a is vulnerable to a
remote root exploit; secondly, a lot of the changes required for good LDAP
operation are only available in later (i.e. 2.2.7a or later) releases.

 I am going to load in Ldap a lot of users in a ldif file as it is
 shown below. But I don't know how to put samba password. I can use:

 smbpasswd juan1

 and then the fields lmPassword and ntPassword are changed. In this
 way, after load all users in Ldap I would need a script to do a
 smbpasswd for each user automatically, without prompt me for each one.
 ¿ How can I do to avoid prompting me ?

See the mkntpwd program in examples/LDAP/smbldap-tools/mkntpwd for a
tool that will create LM and NT hashes for you from a clear-text password.

If you already have Samba passwords in an smbpasswd file, see
import_smbpasswd.pl in examples/LDAP. If you have users in passwd files,
you can also import a lot of the information using the migration tools.



 I think it is better to put the real password in lmPassword and
 ntPassword but it doesn't work. Which is the easiest method to put the
 samba password in the load process?


 ldif file
 ==

 dn: uid=juan1, ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es
 cn: juan1
 objectClass: sambaAccount
 objectClass: posixAccount
 uid: juan1
 pwdLastSet: 0
 logonTime: 0
 logoffTime: 2147483647
 kickoffTime: 2147483647
 pwdCanChange: 0
 pwdMustChange: 2147483647
 userPassword: hola
 lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069
 ntPassword: 5B8AB8B8AB85B8A5B8AB8B8AB82BE319
 acctFlags: [UX ]
 uidNumber: 1020
 gidNumber: 1001
 loginShell: /bin/bash
 rid: 3040
 primaryGroupID: 513
 homeDirectory: /dev/null




 /etc/samba/smb.conf
 
 ldap server = localhost
 ldap port = 389
 ldap suffix = ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es
 ldap admin dn = cn=Manager, dc=Colegio Oficial de Arquitectos de Madrid, dc=es

Your suffix implies that you own the domain Colegio Oficial de
Arquitectos de Madrid.es (dc means domain component); you may rather
want to use o=Colegio Oficial de Arquitectos de Madrid,c=es instead, or a
real domain-type suffix.

BTW, you may want to review these documents, which cover a lot of the
issues:

http://www.mandrakesecure.net/en/docs/samba-pdc.php
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php

(note, some minor modifications may occur to these documents still ...)

Since you are using openldap-2.1, you should also look at this document:
http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#AUXILIARY

(at this stage, openldap-2.0.x may be a better choice, just because it
is understood better, and all the available schemas work with it).

Regards,
Buchan

--
|--Another happy Mandrake Club member--|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7